NHSmail registers 11 million blocked attacks in three years

  • 16 July 2019
NHSmail registers 11 million blocked attacks in three years

Data released through a Freedom of Information request has revealed that NHS email systems have been subjected to some 11 million attacks over the past three years.

According to the information released by NHS Digital, the NHSmail system blocked a total of 11.35 million email attacks between its 2016-2019 financial years.

The most common attacks were those categorised as IP or domain reputation attacks, of which 6.12m were recorded.

Anti-spam systems registered 3.62m incidents during this period, while anti-virus systems recorded 852,000 incidents.

The Freedom of Information (FOI) request was put in by Delinea, a threat analytics software firm based in the US.

The company said the data, which comes a little over two years since the WannaCry attack in 2017, “paints a disturbing picture of the threats posed to the NHSmail infrastructure system”.

Andy Heather, vice president of Centrify, added: “It’s clear that hackers view the NHS as a top target with growing volumes of email attacks deliberately designed to fool doctors, nurses and other health service workers into handing over confidential data.

“Increasingly we’re seeing cyber-criminals gaining access to private information like patient records using legitimate log-in details which have been stolen or sold online.

“All too often this means that malicious activity remains undetected before it’s too late, so it’s vital that hospitals adopt a zero-trust approach to all user activity, ensuring every employee is verified and they are who they say they are.”

NHSmail is used by more than half a million staff on a daily basis in England and Scotland and is available for use by all organisations that are commissioned to deliver publicly funded health and social care.

The worldwide ransomware attack in 2017 targeted computers running the Microsoft Windows operating system, affecting at least 80 of the 236 trusts across England and leaving the NHS with a £92m IT bill.

A white paper written by researchers from Imperial College London’s Institute of Global Health Innovation and recently presented to the House of Lords said fresh investment in NHS cyber security was “urgently needed” to protect patient safety.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

How to find your inner ‘cyber defender’

How to find your inner ‘cyber defender’

A "back to basics" and "honest" approach to personal cyber security can help NHS staff make larger improvements at work, writes Nasser Arif.
GP blood testing restored three months after Synnovis cyber attack

GP blood testing restored three months after Synnovis cyber attack

GP blood testing services across south east London have been restored following the cyber attack on Synnovis, NHS London has confirmed.
Crisis communications: how to cope when the NHS is held to ransom

Crisis communications: how to cope when the NHS is held to ransom

Building a reputation in health tech can take decades, yet it can be undone by a single crisis, writes Silver Buck’s Sarah Bruce

1 Comments

  • The solution is obvious. Keep on creating ever larger quantities of unnecessary identifiable personal data, linked together from ever more sources, and stored in ever larger databases from which nobody can opt out. NHS systems will then naturally cease to be a prime target for cyber criminals. Simple, the solution has been obvious from the start. We just need more, more, more coercive personal data processing so cyber criminals lose interest and go elsewhere where the pickings are richer,

Comments are closed.